more security

This commit is contained in:
Moon Man 2020-03-22 17:47:45 +00:00
parent 8d51aae70c
commit 5e582e1990
1 changed files with 27 additions and 9 deletions

View File

@ -20,17 +20,35 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
for {emojo_shortcode, emojo_url} <- foreign_emoji, for {emojo_shortcode, emojo_url} <- foreign_emoji,
!has_emojo(installed_emoji, emojo_shortcode) do !has_emojo(installed_emoji, emojo_shortcode) do
Logger.debug("HANDLING EMOJO") Logger.debug("HANDLING EMOJO")
remote_emojo = HTTPoison.get!(emojo_url)
with {:ok, current_dir} <- File.cwd() do
new_file = current_dir <> "/priv/static/emoji/stolen/" <> emojo_shortcode <> Path.extname(emojo_url)
{:ok, file} = File.open(new_file, [:write]) cond do
IO.binwrite(file, remote_emojo.body) String.contains?(emojo_shortcode, "/") ->
File.close(file) Logger.error("BAD EMOJO SHORTCODE: #{emojo_shortcode}")
Logger.debug("SAVED EMOJO")
new_file String.starts_with?(emojo_url, "https://") ->
try do
remote_emojo = HTTPoison.get!(emojo_url)
if remote_emojo.status_code == 200 do
with {:ok, current_dir} <- File.cwd() do
new_file = current_dir <> "/priv/static/emoji/stolen/" <> emojo_shortcode <> Path.extname(emojo_url)
{:ok, file} = File.open(new_file, [:write])
IO.binwrite(file, remote_emojo.body)
File.close(file)
Logger.debug("SAVED EMOJO")
new_file
end
end
rescue
e in RuntimeError -> Logger.error("FAILED TO QUERY REMOTE EMOJO #{emojo_url} #{e}")
end
true ->
Logger.error("EMOJO COND FAIL #{emojo_shortcode} #{emojo_url}")
end end
end end
Logger.debug("EMOJI FILES: #{inspect(new_files)}") Logger.debug("EMOJI FILES: #{inspect(new_files)}")